
CS472 - Principles of Information Security (PIS). Module III: Software vulnerabilities: buffer and stack overflow, cross-site scripting (XSS) and vulnerabilities, SQL injection and vulnerabilities, phishing.

Vulnerabilities
• A vulnerability is a weakness or lacuna in a policy, procedure, protocol, hardware or software within an organization that has the potential to cause it damage or loss.

Vulnerability Types
• Human Vulnerabilities
– Induced by careless or unthinking human behaviour
– Ex. clicking on a link in an e-mail message from a questionable source
– Related to phishing and cross-site scripting attacks
• Protocol Vulnerabilities
– Attacks on commonly used networking protocols such as TCP, IP, ARP, ICMP and DNS
– Ex. connection hijacking caused by ARP spoofing
– Denial of Service (DoS) attacks which exploit the 3-way TCP handshake (SYN flooding)
– Pharming attacks exploit vulnerabilities in DNS
• Software Vulnerabilities
– Caused by sloppy software
– Software may perform as expected under normal conditions, but when provided with a specific, crafted input it behaves in a way the attacker chooses
– Examples include the buffer overflow vulnerability, the cross-site scripting (XSS) vulnerability and the SQL injection vulnerability
• Configuration Vulnerabilities
– Relate to settings on system/application software, on files, etc.
– Read-write-execute (and other) permissions on files (and other objects) may be too generous
– The privilege level assigned to a process may be higher than what it needs to carry out its task
– Often lead to privilege escalation attacks

CS409(PIS)/Module3/CSE/SBCE 1

Downloaded From www.ktunotes.in

Software Vulnerability
• A software vulnerability is a security flaw, glitch, or weakness found in software or in an OS (Operating System) that can lead to security concerns.
• A vulnerability can be an error in the way that user management occurs in the system, an error in the code, or a flaw in how the software responds to certain requests.
• One common vulnerability allows an attack called SQL injection. It works on websites that query a database, such as to search for keywords. An attacker supplies input that itself contains code in the database query language SQL.
• If the site is not properly protected, its search function will execute the attacker's SQL commands, which can give the attacker access to the database and potentially control of the website.

Common types of software flaws that lead to vulnerabilities include:
• Memory safety violations, such as:
✓ Buffer overflows and over-reads
✓ Dangling pointers
• Input validation errors, such as:
✓ Code injection
✓ Cross-site scripting in web applications


✓ Directory traversal
✓ E-mail injection
✓ Format string attacks
✓ HTTP header injection
✓ HTTP response splitting
✓ SQL injection
• Privilege-confusion bugs, such as:
✓ Clickjacking
✓ Cross-site request forgery in web applications
✓ FTP bounce attack
• Privilege escalation
• Race conditions, such as:
✓ Symlink races
✓ Time-of-check-to-time-of-use bugs
• Side-channel attacks, such as:
✓ Timing attacks
• User interface failures, such as:
✓ Blaming the victim: prompting a user to make a security decision without giving the user enough information to answer it
✓ Race conditions
✓ Warning fatigue or user conditioning

Buffer Overflow (BOF)
• The BOF vulnerability is one of the oldest and, by far, the most common of software vulnerabilities.
• As early as 1988, the Morris worm was one of the first to exploit this vulnerability.
• Since then, many creative ways of converting such a vulnerability into an exploit have been devised.
• A buffer overflow (BOF) occurs when the space allocated to a variable (typically an array or string variable) is insufficient to hold the data being written into it.
• For example, a certain amount of buffer space is allocated for an array. If array bounds are not checked while populating it, the writes may run past the end of the array into contiguous memory and corrupt it.
• This lets an attacker subvert the normal flow of a program: malicious code supplied by the attacker in the buffer could be executed.


• A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because memory is finite, a buffer's capacity is finite. For this reason, in many programming languages the programmer must declare the buffer's maximum size so that the compiler can set aside that amount of space.
• In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Exploiting the behaviour of a buffer overflow is a well-known security exploit.
• Let us look at an example to see how buffer overflows can happen.
• Suppose a C language program contains the declaration:
  char sample[10];
• The compiler sets aside 10 bytes to store this buffer, one byte for each of the 10 elements of the array, sample[0] through sample[9]. Now we execute the statement:
  sample[10] = 'B';
• The subscript is out of bounds (that is, it does not fall between 0 and 9), so we have a problem. The nicest outcome (from a security perspective) is for the compiler to detect the problem and mark the error during compilation. However, if the statement were
  sample[i] = 'B';
  the compiler cannot detect the problem, because the value of i is known only at run time, when it may have been set to a too-big subscript. Standard C compilers insert no run-time bounds check on array accesses, so the write simply happens.
• Let us examine this problem more closely. It is important to recognize that the potential overflow causes a serious problem only in some instances.
• The problem's occurrence depends on what is adjacent to the array sample. For example, suppose each of the ten elements of the array sample is filled with the letter A and the erroneous reference uses the letter B, as follows:
  for (i = 0; i <= 9; i++)
      sample[i] = 'A';
  sample[10] = 'B';


• If the extra character overflows into the user's data space, it simply overwrites an existing variable value (or it may be written into an as-yet unused location), perhaps affecting the program's result, but affecting no other program or data.
• In the second case, the 'B' goes into the user's program (code) area. If it overlays an already executed instruction, the user should perceive no effect. If it overlays an instruction that is not yet executed, the machine will try to execute an instruction with operation code 0x42, the internal (ASCII) code for the character 'B'.
• If there is no instruction with operation code 0x42, the system will halt on an illegal instruction exception. Otherwise, the machine will use subsequent bytes as if they were the rest of the instruction, with success or failure depending on the meaning of the contents. Again, only the user is likely to experience an effect.

Why is buffer overflow a vulnerability?
• Key concepts of buffer overflow: this error occurs when more data is written to a buffer than it can hold, causing data to overflow into adjacent storage. This vulnerability can cause a system crash or, worse, create an entry point for an attacker. C and C++ are more susceptible to buffer overflow because they do not bounds-check array and pointer accesses.


Why buffer overflow is a problem
• A buffer overflow can occur inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to a program that then attempts to store the input in a buffer that isn't large enough for that input. If the excess data is written to the adjacent memory, it overwrites any data held there.

Impact of a Buffer Overflow Vulnerability:
• Unstable program behaviour
• System crash
• Memory access errors
• Code overwriting
• Security exploitation threat
• Unauthorized data access
• Excessive privilege actions
• Data theft and data loss

Types of Buffer Overflow Vulnerabilities:
• Generally there are two types of buffer overflow vulnerabilities, classified by the region of memory in which the overflowed buffer lives:
▫ Stack overflow vulnerabilities
▫ Heap overflow vulnerabilities

Stack Overflow Vulnerabilities
• The stack resides in process memory with a fixed storage capacity and is a Last-In-First-Out data structure. Memory on it is allocated and freed automatically as functions are called and return, without manual intervention. When data written to a buffer on the stack exceeds the buffer's size, an overflow occurs that corrupts the adjacent stack contents. A stack overflow can occur in the following cases:
✓ Out-of-bounds writes to (array) variables declared on the stack
✓ Infinite recursion

What does stack overflow mean?
• The term covers two different conditions. A stack overflow in the narrow sense is an undesirable condition in which a particular computer program tries to use more memory space than the call stack has available (for example through infinite recursion). In programming, the call stack is the region of memory that holds the return addresses and local variables of the functions currently executing; its maximum size is usually fixed when the program starts. The attack discussed next is the other condition, a stack buffer overflow, where one buffer on the stack is overrun.


What is a stack overflow attack?
• In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. A stack buffer overflow can be caused deliberately as part of an attack known as stack smashing.

Stack Basics
• A stack is a contiguous block of memory containing data.
• Stack pointer (SP): a register that points to the top of the stack.
• The bottom of the stack is at a fixed address.
• Its size is dynamically adjusted by the kernel at run time.
• The CPU implements instructions to PUSH onto and POP off the stack.

(Figure: the stack grows from high memory addresses towards lower memory addresses; the bottom of the stack is at the high address and the top of the stack at the low address.)

• A stack consists of logical stack frames that are pushed when calling a function and popped when returning. Frame pointer (FP): a register that points to a fixed location within the current frame, from which local variables and parameters are addressed.
• When a function is called, the return address, the saved frame pointer and then the local variables are pushed on the stack (in that order).
• Because the stack grows towards lower addresses, the return address sits at a higher address than the local buffer, and writing past the end of the buffer moves towards it.
• When we overflow the buffer, the return address will be overwritten.

  void function() {
      ...
      return;
  }

  int main() {
      ...
      function();
      ...
  }


Example Code (the classic example from Aleph One's "Smashing the Stack for Fun and Profit")

  void function(int a, int b, int c) {
      char buffer1[5];
      char buffer2[10];
  }

  int main(void) {
      function(1, 2, 3);
      return 0;
  }

Stack layout inside function() (sfp = saved frame pointer, ret = return address; a, b, c are the parameters):

  bottom of                                                        top of
  memory                                                           memory
             buffer2        buffer1    sfp    ret     a      b      c
  <------   [            ][        ][     ][     ][     ][     ][     ]
  top of                                                        bottom of
  stack                                                             stack

Exploiting Stack Overflows:
• Provide input to a buffer on the stack which includes malicious machine code (often called shellcode, because it typically spawns a shell).
• Overflow the buffer so that the return address to the calling program is overwritten with the address of the malicious code.
• That way, when the called function terminates, it will not return to the calling program. Instead, the malicious code will be executed.
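The following is an added example, not code from these notes, that models in Python (with ctypes) both the sample[10] = 'B' overwrite from the earlier section and the frame layout drawn above (buffer2, buffer1, sfp, ret). The Frame structure, the addresses SAVED_FP and RET_ADDR, and the "attacker" address 0xBFFFF700 are assumptions of the simulation; it ignores the alignment padding a real compiler adds, and the unchecked copy is clamped to the Frame so the demo cannot corrupt the interpreter. It shows that an unchecked copy into buffer1 runs over sfp and then ret, and that checking the length before the copy refuses the same input.

```python
import ctypes
import sys

BUF1_SIZE = 5     # char buffer1[5]  from the example code above
BUF2_SIZE = 10    # char buffer2[10]


class Frame(ctypes.Structure):
    """Model of the frame drawn above, lowest address first:
    buffer2, buffer1, saved frame pointer (sfp), return address (ret).
    _pack_ = 1 suppresses the alignment padding a real compiler would add
    (an assumption of this simulation)."""
    _pack_ = 1
    _fields_ = [
        ("buffer2", ctypes.c_char * BUF2_SIZE),
        ("buffer1", ctypes.c_char * BUF1_SIZE),
        ("sfp", ctypes.c_uint32),
        ("ret", ctypes.c_uint32),
    ]


SAVED_FP = 0xBFFFF800   # hypothetical saved frame pointer of main()
RET_ADDR = 0x08048400   # hypothetical return address back into main()


def fresh_frame():
    """A frame as it looks right after function(1, 2, 3) is entered."""
    f = Frame()
    f.sfp = SAVED_FP
    f.ret = RET_ADDR
    return f


def raw(frame, field):
    """Raw bytes of one field (frame.buffer1 would stop at the first NUL)."""
    fld = getattr(Frame, field)
    return bytes(frame)[fld.offset:fld.offset + fld.size]


def unchecked_copy(frame, field, data):
    """Model of strcpy()/an unchecked loop: copies every byte of data,
    running past the end of `field` into whatever lies above it.
    Clamped to the Frame only so the demo cannot corrupt the interpreter."""
    start = getattr(Frame, field).offset
    n = min(len(data), ctypes.sizeof(Frame) - start)
    ctypes.memmove(ctypes.addressof(frame) + start, data, n)


def checked_copy(frame, field, data):
    """The fix: validate the input length against the destination first."""
    fld = getattr(Frame, field)
    if len(data) > fld.size:
        raise ValueError(f"{len(data)} bytes do not fit in {field}[{fld.size}]")
    ctypes.memmove(ctypes.addressof(frame) + fld.offset, data, len(data))


def off_by_one():
    """The sample[10] = 'B' case: the 11th byte lands in the neighbouring
    variable (here buffer1[0]) instead of raising an error."""
    f = fresh_frame()
    unchecked_copy(f, "buffer2", b"A" * BUF2_SIZE + b"B")
    return raw(f, "buffer1")[:1]


def smash_return_address(new_ret):
    """Stack smashing: fill buffer1, step over sfp, then overwrite ret.
    On a real stack new_ret would point back into the buffer holding
    the shellcode; here it is just a number we can check."""
    f = fresh_frame()
    payload = (b"A" * BUF1_SIZE
               + SAVED_FP.to_bytes(4, sys.byteorder)   # keeps sfp intact
               + new_ret.to_bytes(4, sys.byteorder))   # lands on ret
    unchecked_copy(f, "buffer1", payload)
    return f.ret


def bounded_write_refused(new_ret):
    """Same payload through the length-checked copy: ret stays untouched."""
    f = fresh_frame()
    payload = (b"A" * BUF1_SIZE
               + SAVED_FP.to_bytes(4, sys.byteorder)
               + new_ret.to_bytes(4, sys.byteorder))
    try:
        checked_copy(f, "buffer1", payload)
    except ValueError:
        pass
    return f.ret == RET_ADDR


if __name__ == "__main__":
    print(off_by_one())                              # b'B'
    print(hex(smash_return_address(0xBFFFF700)))     # 0xbffff700
    print(bounded_write_refused(0xBFFFF700))         # True
```

The only difference between the two copy routines is the length check, which is exactly the check that strcpy() and an unbounded loop lack; everything else about the overwrite follows from the field order, which is why the frame layout matters to the attacker.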


(Figure: (i) before the attack; (ii) after injecting the attack code; (iii) executing the attack code.)


General Form of a Stack Smashing Attack. The attack achieves two goals:
1. Inject the attack code, which is typically a small sequence of instructions that spawns a shell, into a running process.
2. Change the execution path of the running process to execute the attack code.
How can we place arbitrary instructions into the process's address space? Place the code that you are trying to execute in the buffer we are overflowing, and overwrite the return address so it points back into the buffer.

Impact:
• Arbitrary code execution with the privileges of the vulnerable process
• Denial of service (the process crashes)
• Memory leakage

Protection from Stack Overflows:
• Use a non-executable stack, so that code injected into a buffer cannot be run (the stack holds data only).
• Use memory-safe programming languages that bounds-check array accesses, so the unchecked memory writes cannot happen in the first place.
• Use compiler protections (for example stack canaries) that detect an overwritten return address before the function returns.
• Always check and validate the length of the inputs received before copying them into a fixed-size buffer.

Cross Site Scripting (XSS)
• Cross-Site Scripting (referred to as XSS) is a type of web application attack where malicious client-side script is injected into the application output and subsequently executed by the user's browser.
• XSS is a vulnerability which, when present in websites or web applications, allows malicious users (hackers) to insert their client-side code (normally JavaScript) into those web pages. When this malicious code is displayed along with the original web page in the web client (browsers such as IE, Mozilla Firefox, etc.), it runs with the privileges of that page, so the attacker can act as the page and as its logged-in user.
• It can be used to take over a user's browser in a variety of ways.
▪ Cross Site Scripting (XSS) is a type of exploit where information from one context, where it is not trusted, can be inserted into another context, where it is trusted.
▪ The trusted website is used to store, transport, or deliver malicious content to the victim.
▪ The target is to trick the client browser into executing malicious scripting commands.
▪ JavaScript, VBScript, ActiveX, HTML, or Flash.
▪ Caused by insufficient input validation and missing output encoding.


Cross Site Scripting Risks
XSS can:
▪ Steal cookies
✓ Hijack the user's session
✓ Unauthorized access
▪ Modify the content of the web page
✓ Insert words or images
✓ Misinform
✓ Bad reputation
✓ Spy on what you do
▪ Network mapping (from inside the victim's browser)
▪ XSS viruses (worms)
▪ Steal other users' cookies
▪ Steal their private information
▪ Perform actions on behalf of other users
▪ Redirect to other websites
▪ Show ads in hidden IFRAMEs and popups


Cross Site Scripting Types
Three known types:
▪ Reflected (Non-Persistent)
✓ Link in another website or e-mail
▪ Stored (Persistent)
✓ Forum, bulletin board, feedback form
▪ DOM Based XSS (Local)
✓ PDF Adobe Reader, Flash player

1) Reflected (Non-Persistent)
• Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way.
• An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
• The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

• Malicious content does not get stored on the server.
• The server bounces the original input to the victim without modification.
• Exploits the fact that some servers echo certain user input back to the client without validating it.
• For example, a user may be asked for personal details in an HTML form. Suppose he enters his name as "Prashant". The server then responds with "Hello Prashant".


• Note that the server has echoed back his name.
• Now, what would happen if, instead of Prashant, the user enters a string containing a <script> element? The server echoes it back unchanged, and the browser that receives the response executes it.

Reflected XSS Example
• Exploit URL (the injected script goes in the q parameter): http://www.nikebiz.com/search/?q=&x=0&y=0
• HTML returned to the victim (rendered):
  Search Results
  Search: ""
  (the attacker's script is echoed between the quotes, so the victim's browser runs it)

2) Stored XSS
• JavaScript supplied by the attacker is stored by the website (e.g. in a database).
• Doesn't require the victim to supply the JavaScript somehow; the victim just visits the exploited web page.
• More dangerous than reflected XSS
▫ Has resulted in many XSS worms on high-profile sites such as MySpace (the Samy worm).
• The server stores the malicious content.
• The server serves the malicious content in its original form.
• The malicious code (scripts) on a web page is saved on the web server.
• When an innocent user downloads the web page, the malicious scripts execute in that user's browser.
• Example: users update their profile on a social networking site. These profiles may be read (downloaded) by other users through their browsers, and any script stored in a profile runs in each reader's browser.


3) DOM Based XSS (Local)
• DOM Based XSS (or, as it is called in some texts, "type-0 XSS") is an XSS attack wherein the attack payload is executed as a result of modifying the DOM "environment" in the victim's browser used by the original client-side script, so that the client-side code runs in an "unexpected" manner. The page's own JavaScript reads the payload from a source such as the URL and writes it into the document; for a payload carried in the URL fragment the server never even sees it.
• Occurs in the content-processing stages performed by the client.
• Example: a page that reads the default parameter from its own URL and writes it into the document:
  http://www.some.site/page.html?default=ASP.NET
  The attacker's link replaces the parameter value with a script element:
  /page.html?default=

Examples of XSS in code
• This script is named welcome.cgi, and its parameter is "name". It can be invoked this way:
  GET /welcome.cgi?name=Joe%20Hacker HTTP/1.0
  Host: www.vulnerable.site
  ...
And the response would be (rendered):
  Welcome!
  Hi Joe Hacker
  Welcome to our system
  ...


Examples of XSS in code
• A malicious link carries a script as the name parameter:
  http://www.vulnerable.site/welcome.cgi?name=
The victim, upon clicking the link, will generate a request to www.vulnerable.site, as follows:
  GET /welcome.cgi?name= HTTP/1.0
  Host: www.vulnerable.site
And the vulnerable site's response would be (rendered):
  Welcome!
  Hi
  Welcome to our system
(the script from the name parameter is embedded right after "Hi" and executes in the victim's browser)

Examples of XSS in code
• The malicious link would be:
  http://www.vulnerable.site/welcome.cgi?name=
And the response page would look like:
  Welcome! Hi (the injected script follows here)

XSS Prevention (OWASP XSS Prevention Cheat Sheet rules)
RULE #0 - Never insert untrusted data except in allowed locations. In particular, never put untrusted data:
▫ directly in a script
▫ inside an HTML comment
▫ in an attribute name
▫ in a tag name
These contexts cannot be made safe by escaping; the data has to go elsewhere.

RULE #1 - HTML Escape Before Inserting Untrusted Data into HTML Element Content
• Applies to the body of any normal HTML element (the text between <div> and </div>, <b> and </b>, and so on).
• Escape these characters:
▫ & --> &amp;
▫ < --> &lt;
▫ > --> &gt;
▫ " --> &quot;
▫ ' --> &#x27; (&apos; is not recommended because it is not in the HTML 4 specification)
▫ / --> &#x2F; (the forward slash is included as it helps end an HTML entity)

RULE #2 - Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
• Applies to content inside an unquoted attribute, inside a single-quoted attribute, and inside a double-quoted attribute. Unquoted attributes can be broken out of with many characters (space, %, *, +, etc.), so always quote attributes as well as escaping.
• Except for alphanumeric characters, escape all characters with ASCII values less than 256 with the &#xHH; format (or a named entity if available). Examples: " --> &#x22; and ' --> &#x27;


RULE #3 - JavaScript Escape Before Inserting Untrusted Data into JavaScript Data Values
• The only safe place to put untrusted data into JavaScript code or event handlers is as a quoted "data value": inside a quoted string, on one side of a quoted expression, or inside a quoted event handler.
• Except for alphanumeric characters, escape all characters with values less than 256 with the \xHH format. Example: \x22, not \"

RULE #4 - CSS Escape Before Inserting Untrusted Data into HTML Style Property Values
• Applies to property values only (in a style attribute or a style block), never to property names.
• Except for alphanumeric characters, escape all characters with ASCII values less than 256 with the \HH escaping format. Example: \22, not \"

RULE #5 - URL Escape Before Inserting Untrusted Data into HTML URL Parameter Values
• Applies to parameter values in a link's href.
• Except for alphanumeric characters, escape all characters with ASCII values less than 256 with the %HH escaping format. Example: %22. Remember HttpUtility.UrlEncode() in .NET.

Reduce the Impact of XSS Vulnerabilities
• If cookies are used:
▫ Scope them as strictly as possible (Domain and Path attributes)
▫ Set the 'Secure' flag
▫ Set the 'HttpOnly' flag, so script cannot read the cookie and XSS cannot steal it directly
• On the client, consider disabling JavaScript (if possible) or use something like the NoScript Firefox extension.
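As an added example (not code from these notes or from OWASP), the following Python implements the five escaping rules above and applies Rule #1 to the welcome.cgi page from the reflected-XSS example earlier in the section. The helper names, the PAYLOAD string and the HTML snippets in render_contexts are constructed for the demonstration; the escapers follow the rules as stated (ASCII alphanumerics pass through, everything else below 256 is encoded in the context's format, and the URL rule is applied per UTF-8 byte so non-ASCII input is handled too).

```python
PAYLOAD = "<script>alert(document.cookie)</script>"  # constructed attacker input


def escape_html(s: str) -> str:
    """Rule #1: HTML element content. '&' goes first so the other
    replacements are not double-encoded."""
    return (s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
             .replace('"', "&quot;").replace("'", "&#x27;").replace("/", "&#x2F;"))


def _escape_below_256(s: str, fmt: str) -> str:
    """Rules #2-#4 share one shape: keep ASCII alphanumerics, encode every
    other character whose code is below 256 with the context's format."""
    out = []
    for ch in s:
        code = ord(ch)
        if (ch.isascii() and ch.isalnum()) or code >= 256:
            out.append(ch)
        else:
            out.append(fmt % code)
    return "".join(out)


def escape_attr(s: str) -> str:
    """Rule #2: HTML attribute values, &#xHH; format."""
    return _escape_below_256(s, "&#x%02X;")


def escape_js(s: str) -> str:
    """Rule #3: quoted JavaScript data values, \\xHH format."""
    return _escape_below_256(s, "\\x%02X")


def escape_css(s: str) -> str:
    """Rule #4: CSS property values, \\HH format."""
    return _escape_below_256(s, "\\%02X")


def escape_url(s: str) -> str:
    """Rule #5: URL parameter values, %HH per UTF-8 byte."""
    return "".join(ch if ch.isascii() and ch.isalnum()
                   else "".join("%%%02X" % b for b in ch.encode("utf-8"))
                   for ch in s)


def welcome_vulnerable(name: str) -> str:
    """welcome.cgi as described above: the name parameter is echoed as-is."""
    return f"<html><title>Welcome!</title>Hi {name}<br>Welcome to our system</html>"


def welcome_fixed(name: str) -> str:
    """The same page with Rule #1 applied to the element content."""
    return f"<html><title>Welcome!</title>Hi {escape_html(name)}<br>Welcome to our system</html>"


def render_contexts(data: str) -> dict:
    """One untrusted value inserted into each allowed context with its rule."""
    return {
        "body": f"<div>{escape_html(data)}</div>",
        "attr": f'<input value="{escape_attr(data)}">',
        "js": f'<script>var x = "{escape_js(data)}";</script>',
        "css": f'<div style="color: {escape_css(data)}"></div>',
        "url": f'<a href="/search?q={escape_url(data)}">link</a>',
    }


def payload_survives(page: str) -> bool:
    """True if the raw payload is still present, i.e. the browser would run it."""
    return PAYLOAD in page


if __name__ == "__main__":
    print(payload_survives(welcome_vulnerable(PAYLOAD)))   # True
    print(payload_survives(welcome_fixed(PAYLOAD)))        # False
    for ctx, html in render_contexts(PAYLOAD).items():
        print(ctx, html)
```

The point of having five escapers rather than one is that the browser parses each context with a different grammar: &lt; is harmless in element content but means nothing inside a script block, and \x3C is harmless inside a JavaScript string but is not an HTML entity. Pick the escaper by where the data lands, not by what the data contains.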


SQL Injection
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements via web page input.
Attack flow:
1. App sends form to user.
2. Attacker submits form with SQL exploit data.
3. Application builds a query string with the exploit data.
4. Application sends the SQL query to the DB.
5. DB executes the query, including the exploit, and sends data back to the application.
6. Application returns data to the user.

(Figure: the user submits the login form with password ' or 1=1-- ; the request passes through the firewall to the web server, which sends the built query to the DB server. The network firewall does not stop the attack, because it travels inside an ordinary HTTP request.)

SQL Injection - Example 1: Login Form

(Figure: a login form with Email and Password fields and a Login button.)

The above form accepts the email address and password, then submits them to a PHP file named index.php.


Create DB
  CREATE TABLE `users` (
      `id` INT NOT NULL AUTO_INCREMENT,
      `email` VARCHAR(45) NULL,
      `password` VARCHAR(45) NULL,
      PRIMARY KEY (`id`)
  );
  INSERT INTO users (email, password) VALUES ('[email protected]', '1234');

  ID | EMAIL             | PASSWORD
  1  | [email protected] | 1234

Web page input:
  Email:    [email protected]
  Password: 1234
  [Login]

• Let's suppose the statement at the backend (PHP & MySQL) for checking the user's credentials is built as follows:
  $query = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "' AND password = md5('" . $_POST['password'] . "')";
• The above statement uses the values of the $_POST[] array directly, without sanitizing them. The password is hashed with the MD5 algorithm (by the database's md5() function) before it is compared.
• These values have to be checked in the DB.
• With the legitimate input the generated query is:
  SELECT * FROM users WHERE email = '[email protected]' AND password = md5('1234');
• The output is the matching user row (figure omitted).


SQL Injection Vulnerabilities
Let's suppose an attacker provides the following input:
• Step 1: Enter [email protected] as the email address
• Step 2: Enter xxx') OR 1 = 1 -- as the password

Injected SQL code:
  SELECT * FROM users WHERE email = '[email protected]' AND password = md5('xxx') OR 1 = 1 -- ');
• xxx') closes the string argument and the md5( ) call; OR 1 = 1 makes the WHERE clause true for every row; -- comments out the rest of the original statement (the trailing '); ). The query therefore returns all users and the login succeeds without a valid password.
• The diagram illustrates the statement that has been generated.


Example 2: Let's suppose an attacker provides the following input
• Step 1: Enter [email protected]' OR 1 = 1 LIMIT 1 -- ' as the email
• Step 2: Enter 1234 as the password
• The injected SQL code:
  SELECT * FROM users WHERE email = '[email protected]' OR 1 = 1 LIMIT 1 -- ' AND password = md5('1234');
• [email protected]' ends with a single quote, which completes the string quote.
• OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to only one record.
• -- ' AND ... is a SQL comment that eliminates the password part.

Example 3: SQL Injection Based on ""="" is Always True
• Here is an example of a user login on a web site:
  Username: John Doe
  Password: myPass


The server-side code builds the query by string concatenation:
  uName = getRequestString("username");
  uPass = getRequestString("password");
  sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

Original SQL code:
  SELECT * FROM Users WHERE Name ="John Doe" AND Pass ="myPass"
• A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:
  Username: " OR ""="
  Password: " OR ""="
Injected SQL code:
  SELECT * FROM Users WHERE Name ="" OR ""="" AND Pass ="" OR ""=""
The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE (AND binds tighter than OR, so the final OR ""="" makes the whole condition true regardless of the Name and Pass values).
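As an added example (not code from these notes), the following Python runs Example 1 and Example 2 above against a real database and shows the fix. SQLite stands in for MySQL, with a Python md5() registered as a SQL function so the notes' queries work unchanged; the table, the two user rows and the e-mail addresses are constructed for the demo. MD5 is kept only to match the example and is not a recommendation for password storage. login_vulnerable builds the query by string formatting exactly as the PHP above does; login_safe passes the same inputs as bound parameters, so the quote and comment characters are data, not SQL.

```python
import hashlib
import sqlite3


def md5_hex(value) -> str:
    """Stand-in for MySQL's MD5(): hex digest of the text value."""
    return hashlib.md5(str(value).encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory users table mirroring the one created above (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("md5", 1, md5_hex)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, "
                 "email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (email, password) VALUES (?, md5(?))",
                     [("admin@example.com", "1234"), ("alice@example.com", "s3cret")])
    conn.commit()
    return conn


def login_vulnerable(conn, email: str, password: str) -> list:
    """The backend as written in the notes: user input pasted into the SQL text.
    Returns the ids of the rows the database matched."""
    query = (f"SELECT id FROM users WHERE email = '{email}' "
             f"AND password = md5('{password}')")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, email: str, password: str) -> list:
    """The fix: a parameterized query. The SQL text is fixed; the driver sends
    the values separately, so they can never change the statement's structure."""
    return [row[0] for row in conn.execute(
        "SELECT id FROM users WHERE email = ? AND password = md5(?)",
        (email, password))]


# The two attacker inputs from the examples above (email, password)
EXAMPLE_1 = ("admin@example.com", "xxx') OR 1 = 1 --")
EXAMPLE_2 = ("admin@example.com' OR 1 = 1 LIMIT 1 -- '", "1234")


def run_examples() -> dict:
    """Same inputs through both backends: the vulnerable one returns rows
    without a valid password, the safe one returns nothing."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "admin@example.com", "1234"),
        "ex1_vulnerable": login_vulnerable(conn, *EXAMPLE_1),
        "ex2_vulnerable": login_vulnerable(conn, *EXAMPLE_2),
        "ex1_safe": login_safe(conn, *EXAMPLE_1),
        "ex2_safe": login_safe(conn, *EXAMPLE_2),
        "legit_safe": login_safe(conn, "admin@example.com", "1234"),
    }


if __name__ == "__main__":
    for name, ids in run_examples().items():
        print(f"{name:18s} -> matched ids {ids}")
```

Example 1 makes the vulnerable backend return every user (the OR 1 = 1 applies to the whole WHERE clause), and Example 2 returns exactly one row because of the LIMIT 1; the parameterized version returns no rows for either, while the legitimate credentials still work. Escaping quotes by hand is not an equivalent fix: it has to be right for every character set and every context the value reaches, whereas a bound parameter cannot become SQL at all.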

SQL Injection After-effects
• Bypass the login page
• DoS - denial of service
• Install malware
• Iframe injection
• Access system files
• Install db
• Theft of sensitive information / credit cards
• Additional step of the attack:
▫ Attack computers on the LAN


Phishing
• Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
• Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an e-mail, instant message, or text message.

Detect a Phishing Scam
• Spelling errors (e.g., "pessward"), lack of punctuation or poor grammar
• Hyperlinked URL differs from the one displayed, or it is hidden
• Threatening language that calls for immediate action
• Requests for personal information
• Announcement indicating you won a prize or lottery
• Requests for donations

Phishing
• A cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses
• Designed to trick you into clicking a link or providing personal or financial information
• Often in the form of e-mails and websites
• May appear to come from legitimate companies, organizations or known individuals
• Takes advantage of natural disasters, epidemics, health scares, political elections or timely events
• eBay and PayPal are two of the most targeted companies, and online banks are also common targets.
• Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has been used as well.
• E-mails supposedly from the Internal Revenue Service have also been used.
• Social networking sites are also a target of phishing, since the personal details in such sites can be used in identity theft.
• Experiments show a success rate of over 70% for phishing attacks on social networks.


Types of Phishing
• Mass Phishing (Deceptive Phishing) – mass, large-volume attack intended to reach as many people as possible
• Spear Phishing – targeted attack directed at specific individuals or companies, using gathered information to personalize the message and make the scam more difficult to detect
• Whaling (CEO Fraud) – type of spear phishing attack that targets "big fish", including high-profile individuals or those with a great deal of authority or access
• Clone Phishing – spoofed copy of a legitimate and previously delivered e-mail, with the original attachments or hyperlinks replaced with malicious versions, sent from a forged e-mail address so it appears to come from the original sender or another legitimate source. (This is distinct from pharming, mentioned under protocol vulnerabilities, which redirects users to a fake site by tampering with DNS resolution rather than by e-mail.)
• Advance-Fee Scam – requests the target to send money or bank account information to the cybercriminal

Phishing - Link Manipulation
• Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization.
• Misspelled URLs (Uniform Resource Locators) or the use of subdomains are common tricks used by phishers, such as this example URL: http://www.Suntrust.com.bank.com/ . Here "Suntrust.com" is only a subdomain label; the site actually belongs to bank.com, the rightmost registrable domain, which is the part of a host name that a reader should check.
• Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the phisher's site.

Phishing Lure (example 1)
• Claims to come from the NDSU IT Help Desk and system administrators
• References NDSU and North Dakota State University
• Calls for immediate action using threatening language
• Includes a hyperlink that points to a fraudulent site


Phishing Lure (example 2)
• Claims to come from NDSU Human Resources
• Timely call for action during annual review season
• From address includes NDSU, but is not a .edu address (@ndsu.com)
• Includes a hyperlink that points to a fraudulent site

Phishing Lure (example 3)
• Claims to come from PayPal
• Includes the PayPal logo, but the from address is not legitimate (@ecomm360.net)
• Calls for immediate action using threatening language
• Includes a hyperlink that points to a fraudulent site


Protect Yourself: Refuse the Bait
• Do not click on any hyperlinks in the e-mail
▫ Use your mouse to hover over each link to verify its actual destination, even if the message appears to be from a trusted source
▫ Pay attention to the URL and look for a variation in spelling or a different domain (e.g., ndsu.edu vs. ndsu.com)
▫ Consider navigating to familiar sites on your own instead of using links within messages
• Examine websites closely
▫ Malicious websites may look identical to legitimate sites
▫ Look for "https://" or a lock icon in the address bar before entering any sensitive information on a website. Note that this only shows the connection is encrypted; a phishing site can have a valid certificate too, so check the domain name as well.
• Users can take steps to avoid phishing attempts by slightly modifying their browsing habits.
• Users who are contacted about an account needing to be "verified" (or any other topic used by phishers) can contact the company that is the subject of the e-mail to check that the e-mail is legitimate. They can also type a trusted web address for the company's website into the address bar of their browser to bypass the link in the suspected phishing message.
• Nearly all legitimate e-mail messages from companies to their customers will contain an item of information that is not readily available to phishers.
• Some companies, like PayPal, always address their customers by their username in e-mails, so if an e-mail addresses a user in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing.
• Spam filters can also help by reducing the number of phishing e-mails that users receive in their inboxes.
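As an added example (not code from these notes), the following Python automates the "hover over the link" and "check the sender's domain" checks described above for the link-manipulation tricks in this section: a brand name used as a subdomain of another domain (www.Suntrust.com.bank.com), anchor text that shows one host while the link goes to another, a non-HTTPS destination, and a sender domain that does not match (ndsu.com instead of ndsu.edu). registrable_domain is a deliberately naive "last two labels" rule, an assumption for the demo; production code should use the Public Suffix List so that hosts under co.uk and similar are handled. The lure messages in LURES are constructed for the example.

```python
from urllib.parse import urlparse


def registrable_domain(host: str) -> str:
    """Naive owner domain: the last two labels ("bank.com" for
    www.Suntrust.com.bank.com). Assumption for this demo; real code should
    use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _looks_like_url(text: str) -> bool:
    """Anchor text such as 'www.paypal.com' or 'https://...' (no spaces, has a dot)."""
    t = text.strip()
    return " " not in t and "." in t


def link_warnings(anchor_text: str, href: str, expected_domain: str) -> list:
    """Warnings the 'hover over the link' check would raise for one hyperlink
    in a message that claims to come from expected_domain."""
    warnings = []
    expected = expected_domain.lower()
    target = urlparse(href)
    host = (target.hostname or "").lower()
    if registrable_domain(host) != expected:
        warnings.append(f"link goes to {host}, not {expected}")
        if expected in host:
            warnings.append("brand name used as a subdomain of another domain")
    if _looks_like_url(anchor_text):
        shown_url = anchor_text if "://" in anchor_text else "http://" + anchor_text
        shown = (urlparse(shown_url).hostname or "").lower()
        if registrable_domain(shown) != registrable_domain(host):
            warnings.append(f"text shows {shown} but link goes to {host}")
    if target.scheme != "https":
        warnings.append("not https")
    return warnings


def sender_warnings(from_addr: str, expected_domain: str) -> list:
    """The '@ndsu.com is not @ndsu.edu' check on the From address."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if domain == expected_domain.lower():
        return []
    return [f"sender domain {domain} is not {expected_domain}"]


# Constructed lures: the brand each one claims to be, the From address,
# the visible anchor text and the real link target.
LURES = [
    {"brand": "ndsu.edu", "from": "helpdesk@ndsu.com",
     "text": "Verify your account", "href": "http://ndsu.com/verify"},
    {"brand": "paypal.com", "from": "service@ecomm360.net",
     "text": "https://www.paypal.com/", "href": "http://www.paypal.com.ecomm360.net/login"},
    {"brand": "suntrust.com", "from": "alerts@suntrust.com",
     "text": "Click here", "href": "http://www.Suntrust.com.bank.com/"},
    {"brand": "paypal.com", "from": "noreply@paypal.com",
     "text": "www.paypal.com", "href": "https://www.paypal.com/"},   # legitimate
]


def triage(lures=LURES) -> dict:
    """Map each link target to its warnings; an empty list means it passed."""
    return {
        lure["href"]: sender_warnings(lure["from"], lure["brand"])
        + link_warnings(lure["text"], lure["href"], lure["brand"])
        for lure in lures
    }


if __name__ == "__main__":
    for href, warnings in triage().items():
        print(href)
        for w in warnings:
            print("   !", w)
```

The check compares the registrable domain of the real destination, never the whole host name or the anchor text, because both of those are under the phisher's control; only the rightmost part of the host is tied to who registered the domain.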


Model Questions
1. What is vulnerability? Give the different types of vulnerabilities.
2. What is software vulnerability? What are the common types of software flaws that lead to vulnerability?
3. Why is buffer overflow a vulnerability?
4. How do buffer overflow attacks work?
5. With an example explain the concept of buffer overflow. Discuss how the buffer overflow has security implications.
6. What do you understand by a stack and a buffer overflow? How are these two different? What are the practices of writing a safe program code?
7. Describe how a stack buffer overflow attack is implemented.
8. What are the impacts in buffer overflow vulnerability?
9. Explain in detail about exploiting stack overflows with example.
10. How to protect against stack overflow attack?
11. What is XSS or Cross Site Scripting?
12. What information can an attacker steal using XSS?
13. What are the types of XSS?
14. What is stored XSS?
15. What is reflected XSS?
16. What is DOM-based XSS?
17. What is cross site scripting? How can it be prevented?
18. Why is cross site scripting dangerous?
19. How often do you find DOM-based XSS vulnerabilities?
20. What is "SQL injection"?
21. How can you detect SQL injection? What is the most common SQL injection tool?
22. What is injection attack?
23. What is code injection attack?
24. How can SQL injection be prevented?
25. How do we prevent SQL injection in our applications?
26. Explain what is phishing? How can it be prevented?
27. What is the difference between spam and phishing?
28. How do I avoid becoming a victim of a phishing scam?
29. What are the different types of phishing?
30. What are some examples of phishing?
31. What is a phishing attempt?
32. What are three characteristics of a phishing email?
